Re: Nagging Autorization issue for Companyweb after ISA04 install
Well, after much checking, I have semi-resolved or narrowed down the issue.
When running CEICW, I had to modify the firewall setting to UNcheck the
Windows Sharepoint Services intranet site (Companyweb) setting. Re-running
CEICW and checking the allow access to Companyweb results in the
authentication dialog to open again, but only on the "Home Page", subsequent
pages views are normal, same as before. On a client machine the
authentication dialog does ask for credentials for the FQDN ie .com for the
server.
""Crina Li"" <v-crinal@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:KYTvVEBHGHA.1240@xxxxxxxxxxxxxxxxxxxxxxxx
> Hi Chip,
>
> Thanks for your update.
>
> I can not find the screen shot you have attached. Can you send it to me at
> v-crinal@xxxxxxxxxxxxx?
>
> From the current description, we can check the following to see if it
> helps:
>
> 1. Please re-run CEICW Wizard.
> 2. Check the companyweb CNAME entry in the DNS Server.
>
> 1) Open DNS console.
> 2) Expand Server name | Forward Lookup Zones.
> 3) Click Server.local.
> 4) Double click companyweb and then check if FQDN is companyweb.domain.
> 5) FQDN for target host is Full computer name of SBS.
>
> 3. PING companyweb from the LAN client, gather the screenshot.
> 4. Get the IPconfig result on the client computer and SBS.
> 5. Install Firewall Client on client computer.
> 6. Does the situation occur when you access companyweb from the ISA
> itself?
> 7. Locate the SBS Protected Networks Access Rule, make sure the rule is
> applied to All Users. Move it to the top and apply the settings.
> 8. Try to UNCHECK the "Bypass proxy server for local address" Option.
>
> If the problem persists, please temporarily disable the companyweb
> publishing rule, and then test the issue again.
>
> If you do not have issues when access http://<internal IP>/remote and
> http://<internal IP>/exchange, please check the security settings of the
> companyweb Virtual Directory as following:
>
> In IIS, make sure that Companyweb is listening on the 444 port on every
> network interface on your SBS server and the permission. To do so, please
> follow the steps below:
>
> 1. Open IIS.
> 2. Right-click Companyweb and then click Properties.
> 3. Click Advanced in the Web Site tab.
> 4. Click to select the entry that includes SSL port 444, and then click
> Edit.
> 5. Make sure that we choose " (All Unassigned)" in the IP address list.
> 6. Click OK to close the open windows.
> 7. Click the "Directory Security" tab.
> 8. In the "Authentication and access control" section, click the Edit
> button.
> 9. Make sure only the following boxes are checked:
>
> Integrated Windows authentication
>
> 10. Click OK.
> 11. In the "IP address and domain restrictions" section, click the Edit
> button.
> 12. Make sure "Granted access" is selected and there are no items in the
> list box.
> 13. Click OK.
> 14. Click the "Documents" tab and make sure "Enable default content page"
> is select and the following items are listed in order:
>
> Default.htm
> Default.asp
> index.htm
> Default.aspx
>
> If any items are missing, please add them and make them the correct order.
>
> If it does not work, please help me collect ISA info and ISA log:
>
> 1. Collect the ISA info:
>
> 1) Download the file from the following URL:
>
> http://www.isatools.org/isainfo/ISAInfo.zip
>
> 2) Extract all files to a folder on ISA server
> 3) Double click Isainfo.js. This will generate 2 files
> ISAInfo2004-<computer-name>.log and ISAInfo2004-<computer-name>.xml in the
> current folder.
> 4) Please send these files to me at v-crinal@xxxxxxxxxxxxxx
>
> 2. Please also help to gather the ISA logs:
>
> 1) Schedule a down time.
> 2) Open ISA 2004 management console.
> 3) Expand the server node and highlight 'Monitoring'.
> 4) In the right pane, switch to the 'Logging' tab, make sure the 'Task
> Pane' is showed there.
> 5) In the 'Task Pane', click 'Configure Firewall Logging' under 'Logging
> Tasks', and then switch the 'log storage format' from 'MSDE database'
> (default) to 'File'.
> 6) Switch to the 'Fields' tab, click 'Select All', and then click OK.
> 7) In the 'Task Pane', click 'Configure Web Proxy Logging' under 'Logging
> Tasks', and then switch the 'log storage format' from 'MSDE database'
> (default) to 'File'.
> 8) Switch to the 'Fields' tab, click 'Select All', and then click OK.
> 9) Click 'Apply' to save changes and update the configuration.
> 10) Temporarily disable the Firewall service. To do that, please click
> Monitoring | Services tab, and then right click 'Microsoft Firewall' to
> choose 'Stop'.
> 11) Clear the current existing W3C logs. To do that, go to the log saving
> directory and clean any existing .W3C logs. By default, the logs will be
> saved to 'C:\Program Files\Microsoft ISA Server\ISALogs'. (Some MDF may
> not
> be able to deleted, that's normal.) You may backup them first and then
> delete them.
> 12) Go back to the ISA 2004 management console, and then Start the stopped
> 'Microsoft Firewall' service.
> 13) Reproduce the problem (initiate an SQL access), stop the service, and
> then gather the resulting W3C files to me for analysis.
>
> If you have any questions or concerns related to this issue, please let me
> know.
>
> I appreciate your time and look forward to hearing from you.
>
> Best regards,
>
> Crina Li (MSFT)
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
>
> =====================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check
> the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In
> doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
>
> =====================================================
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> --------------------
> | Reply-To: "ChipW" <Chip@xxxxxxxxxxxxxxxxxx>
> | From: "ChipW" <Chip@xxxxxxxxxxxxxxxxxx>
> | | Subject: Re: Nagging Autorization issue for Companyweb after ISA04
> install
> | Date: Tue, 17 Jan 2006 12:50:09 -0500
> || Newsgroups: microsoft.public.windows.server.sbs
> | |
> | Thanks for replying Crina Li,
> |
> | The ISA setup was exactly as you suggested, I did change it and then
> change
> | it back again to confirm the settings were saved. The IE setup was also
> as
> | you recommended.
> |
> | CEICW has been run several times since ISA 2004 was installed.
> | SBS SP1 was installed concurrently with ISA 2004
> |
> | A screenshot is attached. Please note, on my desktop client the
> username
> is
> | automaticaly filled in, but not on my laptop where this screenshot was
> | taken. Also note the logon to shows the .com url for the server, I'm
> | thinking this is the problem. Seems i couldn't get the message to upload
> | with the screenshot attached...
> |
> | Thanks
> | Chip
> |
> | ""Crina Li"" <v-crinal@xxxxxxxxxxxxxxxxxxxx> wrote in message
> | news:vl4V3POFGHA.3680@xxxxxxxxxxxxxxxxxxxxxxxx
> | > Hi Chip,
> | >
> | > Thank you for posting in SBS newsgroup.
> | >
> | > I am sorry for the delayed response due to weekend. Please understand
> that
> | > the newsgroups are staffed weekdays by Microsoft Support professionals
> to
> | > answer your systems and applications questions. Your understanding is
> | > greatly appreciated!
> | >
> | > From the description, I understand the issue to be: a logon box will
> pop
> | > up
> | > when you access companyweb after installing ISA 2004. If I have
> | > misunderstood your concerns, please do not hesitate to let me know.
> | >
> | > We can check the following to see if the issue can be solved:
> | >
> | > 1. On ISA Management, make sure "Require all users to authenticate" is
> not
> | > selected as following:
> | >
> | > 1) Click "Start", point to "Programs", point to "Microsoft ISA
> Server",
> | > and
> | > then click "ISA Server Management".
> | > 2) In "ISA Server Management", in the right pane, click the "Toolbox"
> tab,
> | > and then click "Networks".
> | > 3) Right click Internal and select Properties.
> | > 4) In Web Proxy tab | Authentication button, make sure "Require all
> users
> | > to authenticate" is not selected.
> | >
> | > 2. On client machine, make sure the following:
> | >
> | > 1) Open IE and then click Tools menu.
> | > 2) Select Internet Options and then click Connections tab.
> | > 3) Click LAN Settings and then make sure you have checked Use a Proxy
> | > server and Bypass proxy server for local address.
> | >
> | > If the problem still occurs, to narrow down the problem, would you
> please
> | > help me collect the following information?
> | >
> | > 1. Have you rerun CEICW after installing ISA 2004?
> | > 2. Have you installed SBS SP1?
> | > 3. Can you attach a screen shot to newsgroup when the issue occurs?
> | >
> | > I am appreciated your time and look forward to hearing from you.
> | >
> | > Best regards,
> | >
> | > Crina Li (MSFT)
> | >
> | > Microsoft CSS Online Newsgroup Support
> | >
> | > Get Secure! - www.microsoft.com/security
> | >
> | > =====================================================
> | > This newsgroup only focuses on SBS technical issues. If you have
> issues
> | > regarding other Microsoft products, you'd better post in the
> corresponding
> | > newsgroups so that they can be resolved in an efficient and timely
> manner.
> | > You can locate the newsgroup here:
> | > http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
> | >
> | > When opening a new thread via the web interface, we recommend you
> check
> | > the
> | > "Notify me of replies" box to receive e-mail notifications when there
> are
> | > any updates in your thread. When responding to posts via your
> newsreader,
> | > please "Reply to Group" so that others may learn and benefit from your
> | > issue.
> | >
> | > Microsoft engineers can only focus on one issue per thread. Although
> we
> | > provide other information for your reference, we recommend you post
> | > different incidents in different threads to keep the thread clean. In
> | > doing
> | > so, it will ensure your issues are resolved in a timely manner.
> | >
> | > For urgent issues, you may want to contact Microsoft CSS directly.
> Please
> | > check http://support.microsoft.com for regional support phone numbers.
> | >
> | > Any input or comments in this thread are highly appreciated.
> | >
> | > =====================================================
> | >
> | > This posting is provided "AS IS" with no warranties, and confers no
> | > rights.
> | > --------------------
> | > | Reply-To: "ChipW" <Chip@xxxxxxxxxxxxxx>
> | > | From: "ChipW" <Chip@xxxxxxxxxxxxxx>
> | > | Subject: Nagging Autorization issue for Companyweb after ISA04
> install
> | > | Date: Fri, 6 Jan 2006 11:36:06 -0500
> | > || Newsgroups: microsoft.public.windows.server.sbs
> | > | |
> | > | Awhile ago, after a combersome upgrade to ISA 2004, my Companyweb
> | > homepage
> | > | pops up the logon box. Clicking cancel does not impede further use
> of
> | > the
> | > | site, but it is just a pain everytime you open a new IE instance,
> that
> | > | defaults to Companyweb, you have to click cancel. Any ideas where I
> | > should
> | > | begin to look for a fix on this.
> | > |
> | > | Thanks
> | > | Chip
> | > |
> | > |
> | > |
> | >
> |
> |
> |
> |
>
.
